First page Back Continue Last page Summary Graphic
The goal of internal security is to safeguard critical files against corruption in the even that the black hat is already in. One of the methods used by crackers is to replace critical files such as ps, ls, find, locate with versions that will hide the activities of the cracker (a rootkit attack). Programs such as Tripwire or FCheck will authenticate these files, so their replacement will be noticed. It is extremely important to store copies of these databases offline, since if someone does get into the machine, he cannot access media that is not online from a remote location.